From 847991b6582c40fe61ff5858ccf97c4101a95134 Mon Sep 17 00:00:00 2001 From: ljacqu Date: Sun, 21 Jan 2018 19:06:51 +0100 Subject: [PATCH] #1474 Don't log /email changepassword command (exposes password) --- src/main/java/fr/xephi/authme/output/LogFilterHelper.java | 2 +- src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/main/java/fr/xephi/authme/output/LogFilterHelper.java b/src/main/java/fr/xephi/authme/output/LogFilterHelper.java index 225538301..fa43a01c8 100644 --- a/src/main/java/fr/xephi/authme/output/LogFilterHelper.java +++ b/src/main/java/fr/xephi/authme/output/LogFilterHelper.java @@ -16,7 +16,7 @@ final class LogFilterHelper { static final List COMMANDS_TO_SKIP = withAndWithoutAuthMePrefix( "/login ", "/l ", "/log ", "/register ", "/reg ", "/unregister ", "/unreg ", "/changepassword ", "/cp ", "/changepass ", "/authme register ", "/authme reg ", "/authme r ", - "/authme changepassword ", "/authme password ", "/authme changepass ", "/authme cp "); + "/authme changepassword ", "/authme password ", "/authme changepass ", "/authme cp ", "/email setpassword "); private static final String ISSUED_COMMAND_TEXT = "issued server command:"; diff --git a/src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java b/src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java index f211a608b..302345fb9 100644 --- a/src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java +++ b/src/test/java/fr/xephi/authme/output/LogFilterHelperTest.java @@ -28,7 +28,8 @@ public class LogFilterHelperTest { // given List sensitiveCommands = Arrays.asList( getCommand("register"), getCommand("login"), getCommand("changepassword"), getCommand("unregister"), - getCommand("authme", "register"), getCommand("authme", "changepassword") + getCommand("authme", "register"), getCommand("authme", "changepassword"), + getCommand("email", "setpassword") ); // Build array with entries like "/register ", "/authme cp ", "/authme changepass " String[] expectedEntries = sensitiveCommands.stream()